As part of https://bugs.launchpad.net/tripleo/+bug/1657108, a bug was fixed where the initial firewall gets purged as part of the image build. This is needed because if you have by default REJECT rules in iptables, you can have problems with pacemaker initializing the cluster, see also https://bugs.launchpad.net/tripleo/+bug/1672216 We also need to perform the same purge steps in the deployed server bootstrap SoftwareConfig.
Please disregard previous comment, it was wrongly posted. As of build 2017-04-20.2 this bug is still present. [stack@undercloud-0 ~]$ rpm -q openstack-tripleo-heat-templates openstack-tripleo-heat-templates-6.0.0-5.el7ost.noarch
I can see that following lines are present in deployed-server-bootstrap-rhel.sh echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables But unless manually executed on overcloud nodes, deployment does not move any further and fails after some time.
I'm not sure what was happening yesterday, left 2 other deployments overnight both succeed. The only thing I did is executed fstrim on both servers prior to that. Marking it as verified for build 20.2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1245